On February 6, 2018, Apple received a grand jury subpoena for name and phone records involving 109 email addresses and phone numbers. It was one of more than 250 data requests the company received from US law enforcement on average every week at the time. An Apple paralegal complied and provided the information.
This year, a hiatus order on the summons expired. Apple said it alerted people who were the subject of the summons, as it does with dozens of customers every day.
But this request was unusual.
Without knowing it, Apple said, it was Congress staff members handed over the data, his family and at least two members of Congress, including Representative Adam B. Schiff of California, then the top Democrat on the House Intelligence Committee and now its chairman. It turned out that the summons was part of a broader investigation by the Trump administration into the leak of classified information.
Revelations have now thrown Apple in the middle of a firestorm Trump Administration Efforts to Find Sources of News, and handling underscores a flood of law enforcement requests that tech companies are increasingly resisting. The number of these requests has soared to the thousands in recent years, leaving Apple and other tech giants like Google and Microsoft in an uncomfortable position among law enforcement, the courts and the customers whose privacy they have promised to protect.
Companies routinely comply with requests because they are legally required to do so. Summons can be ambiguous, so Apple, Google and others are often unclear on the nature or subject of the investigation. They may challenge certain subpoenas if they are too broad or if they pertain to a corporate client. In the first six months of 2020, Apple challenged the government’s 238 demands for its customers’ account data, or 4 percent of such requests.
As part of the same leak investigation by the Trump administration, Google this year fought a false order over a subpoena to turn over the data. Emails from four New York Times journalists. Ted Boutras, an outside attorney for The Times, said Google argued that its contract as the Times’ corporate email provider required that it notify the newspaper of any government requests for its email.
But more often than not, companies comply with law enforcement demands. And it underscores a strange truth: As their products become more central to people’s lives, the world’s biggest tech companies have become vital partners for surveillance intermediaries and executives, who have the power to mediate. Along with requests to respect and whom to reject.
“There’s definitely tension,” said Alan Z. Rosenshtein, an associate professor at the University of Minnesota’s Law School and a former Justice Department attorney. He noted that with “the insane amount of data these companies have” and how everyone has a smartphone, most law enforcement investigations “involve these companies at some point.”
On Friday, the Justice Department’s independent inspector general opened an inquiry In a decision by federal prosecutors to secretly confiscate the data of House Democrats and journalists. Top Senate Democrats also demanded that former Attorney Generals William P. Barr and Jeff Sessions testify before Congress about the leak investigation, specifically subpoenas issued to Apple and another to Microsoft.
Apple spokesman Fred Sainz said in a statement that the company regularly challenges government data requests and notifies affected customers as soon as legally possible.
“In this case, the subpoena, which was issued by a federal grand jury and included a nondisclosure order signed by a federal magistrate judge, did not provide any information as to the nature of the investigation, and for Apple It would have been nearly impossible to decipher the intended information without digging into users’ accounts,” he said. “In line with the request, Apple limited the information provided to customer information and did not provide any content such as emails or images. of.”
Microsoft said in a statement that it had received a subpoena in 2017 related to a personal email account. It said it notified the customer after the gag order was terminated and learned that the person was a Congressional staff member. “We will continue to aggressively pursue reforms that impose reasonable limits on government privacy in such matters,” the company said.
Google declined to comment on whether it had received the relevant summons. House Intelligence Committee inquiry.
The Justice Department has not publicly commented on whether to turn to the House Intelligence Committee’s record. In congressional testimony this week, Attorney General Merrick B. Garland shrugged off criticism of the Trump administration’s decisions and said the seizure of records was done “under a set of policies that existed for decades.”
In a Justice Department leak investigation, Apple and Microsoft altered so-called metadata of people working in Congress, including phone records, device information and addresses. It is not unusual for the Department of Justice to submit such metadata, as the information can be used to establish whether someone had contact with a member of the media or whether the person’s work or home accounts are anonymous. were linked to accounts that were used for classified dissemination. Information.
Under gag orders placed on summons by officials, Apple and Microsoft also agreed not to disclose the people whose information was being sought. In Apple’s case, the one-year gag order was renewed three separate times. This was in contrast to Google, which opposed a summons-holding order on four Times journalists to turn over data.
The different reactions are largely explained by the different relationships that companies had with their customers in the case. Apple and Microsoft were ordered to hand over data related to separate accounts, while the summons to Google affected a corporate client, which was governed by a contract. Lawyers said that contract gave Google a more specific basis on which the gag order could be challenged.
The subpoena to Apple was even more opaque — it only asked for information on a range of email addresses and phone numbers — and the company said it did not know anything related to the congressional investigation. To Google, it was clear that the Justice Department asked the Times for records because the email addresses apparently belonged to Times journalists.
Google said it generally does not handle requests for different customer information for different accounts and corporate customers. But the company has a strong argument for redirecting requests for corporate customers’ data based on its recommendations from the Justice Department.
in the guidelines issued in 2017, the Justice Department urged prosecutors to “seek data directly” from companies rather than going through a technology provider, unless doing so was impractical or would compromise investigations. The Justice Department tried to bypass The Times by going to Google to get information about journalists. Google declined to say whether it used Justice Department guidelines to fight the gag order.
google said it produced some data In 83 percent of the nearly 40,000 requests for information received from US government agencies in the first half of 2020. By comparison, it produced some data in 39 percent of requests for information about Google Cloud’s 398 paying corporate customers, including its email and web-hosting offerings, during the same time period.
Law enforcement requests for data from US tech companies have more than doubled in recent years. Facebook said it has received approximately 123,000 data requests from the US government last year, up from 37,000 in 2015.
Apple said that in the first half of 2020, it received an average of 400 requests a week for customer data from US law enforcement, more than double the rate five years ago. The company’s compliance rate has remained somewhere between 80 percent and 85 percent over the years.
Officials are also asking for more accounts information in every request. In the first half of 2020, each U.S. government summons or warrants 11 accounts or devices to Apple for an average of fewer than three accounts or devices in the first half of 2015, the company said.
Apple said it asked law enforcement to limit requests to 25 accounts each after the government began including more than 100 accounts in some summons, as it did in its 2018 investigation into the leaks. Police did not always comply, the company said.
A former senior lawyer for the company, who spoke on condition of anonymity, said Apple has often challenged the summons involving so many accounts because they were too broad. This person said it would not be surprising for Apple to challenge a 2018 Justice Department subpoena, but whether a request was challenged often depended on whether a paralegal handling the summons made it further. extended to more senior lawyers.
Charlie Savage Contributed reporting.